A Romanian criminal group that allegedly runs one of the largest bank card skimming operations in the world collaborated with Mexican hackers, Venezuelan cyber crime experts and a Quintana Roo cartel boss to aid its criminal activities in Mexico.
According to a report by the newspaper Milenio based on Mexican and United States intelligence, a Romanian mafia led by Florian “The Shark” Tudor forged criminal alliances to maintain its operations in Mexico and facilitate its cloning of bank cards, hacking of ATMs and money laundering activities.
In March 2017, the criminal organization stole 150 million pesos (US $7.5 million at today’s exchange rate) in a period of just 24 hours from ATMs in the Riviera Maya of Quintana Roo, Mexico City and México state. More on that later.
Among the Mexican hackers that worked with the Romanian group were members of an organization known as Bandidos Revolution Team, which was dismantled in 2019 when eight people, including the gang’s leader Héctor Ortiz Solares, were arrested in León, Guanajuato.
That hacking group is accused of stealing more than 400 million pesos (US $20 million) from accounts with several financial institutions including Banorte and Inbursa. In addition to arresting the eight bandidos, authorities seized 27 luxury vehicles, motorcycles, more than 20 million pesos in cash, drugs and weapons.
According to a federal security cabinet intelligence report, Tudor also entered into alliances with at least three Venezuelan cyber crime specialists, or hackers. The Venezuelans are accused of developing the method used by the Romanian mafia to fleece cash from ATMs.
An international and Mexican investigation published last June found that the Romanian crime syndicate has been operating in Mexico since 2014, when the gang formed a front company, Top Life Servicios, and persuaded the Mexican bank Multiva to allow them to install their Intacash brand of cash machines.
A separate investigation found that that Bluetooth devices had been placed inside the ATMs to clone the cards and that members of the mafia needed only to walk up to the tampered cash machines with a cell phone to download the stolen data.
That investigation, conducted by United States journalist Bryan Krebs, found compromised bank machines in several Quintana Roo locations including Cancún, Playa del Carmen and Tulum.
Another person who collaborated with the Romanians, according to Mexican and U.S. authorities, was Leticia Rodríguez Lara, a crime boss known as Doña Lety who was arrested in August 2017. Law enforcement sources told Milenio that Doña Lety, who was allegedly the leader of the Pacific Cartel in Cancún, and The Shark had a business relationship and were also personal friends.
Rodríguez, whose criminal group seized control of Cancún and Playa del Carmen from Los Zetas, allowed the Romanians to conduct their illicit activities on the turf where she held sway.
In November 2017, federal authorities seized two safes containing 2,000 fraudulent cards that were allegedly used by the Romanian mafia as well as Rodríguez and her son to illegally withdraw cash from ATMs.
Eight months earlier, in a 24-hour period between March 16 and 17, 2017, the Romanians used cloned cards to steal 150 million pesos from BBVA Bancomer ATMs in Quintana Roo, Mexico City and México state.
Intelligence documents reveal that the criminal group used just 11 cards to complete the audacious heist, which was supported by one of the Venezuelan hackers. Milenio said that the cards were modified in such a way that enabled them to be used for limitless withdrawals. As a result, the Romanian mafia was able to withdraw an average of 6.25 million pesos (US $312,000) an hour or about 104,000 pesos (US $5,200) per minute.
A federal security cabinet document obtained by Milenio indicates that the Romanian mafia also stole similarly large amounts from Citibanamex, Wells Fargo, Chase, Bank of America and TD Bank ATMs. It is unclear where those heists occurred.
Security cabinet documents also allege that a network of politicians from several parties as well as officials at the Quintana Roo Attorney General’s Office have protected and collaborated with the Romanians. An investigation by journalist Héctor de Mauleón found that the Romanians have also been protected by police and judges in Cancún.
One of the alleged co-conspirators is Remberto Estrada, a former mayor of Benito Juárez, the Quintana Roo municipality that includes Cancún.
He told Milenio that he has never had any dealings with members of the Romanian crime organization, which is believed to be responsible for about 10% of all card skimming activity worldwide.
“I don’t know them, I’ve never met any person of that nationality in my entire life,” Estrada said. The ex-mayor, in office between 2016 and 2018, added that he knew nothing of the Romanians’ card cloning activities and ATM thefts until he read about them in the media.
The Romanians engaged in money laundering to “clean” their ill-gotten cash, according to United States and Mexican investigations. The FBI asked the Mexican government’s Financial Intelligence Unit (UIF) to investigate the group’s money laundering activities and 79 bank accounts were blocked as a result.
Tudor – who has repeatedly denied that he engages in criminal activity, claiming he is only a businessman – and most of his alleged accomplices remain at large. However, about 100 Romanian citizens were detained for four days at Cancún International Airport last week before the majority were allowed to enter the country. Milenio suggested that the Romanians were detained as a result of travel alerts that may have been related to cyber fraud and bank card cloning but Mexican authorities didn’t confirm that information.
According to the UIF, the Romanian criminal syndicate has now expanded to other tourists destinations in Mexico, including the Riviera Nayarit, Los Cabos and Puerto Vallarta.